MD5 and SHA cracked/broken...

[Paul Rubin]

Sam Holden <sholden at flexal.cs.usyd.edu.au> writes:
> Creating a collision between a "useful" file which people can
> examine and use and a "trojan" file which does "bad things" is
> significantly more difficult than creating two files whose
> MD5 sums collide but whose contents are essentially "random".

Of course it's not.  Just have a block of random-looking data
somewhere in the file, like in a bitmap image or something.  Who's
going to notice, if the bitmap doesn't actually get displayed?